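input {
  # Poll MISP once an hour for everything published in the last day.
  http_poller {
    urls => {
      misp => {
        # MISP's /events/restSearch filter API is documented as a POST endpoint
        # that reads its filters from the JSON body. With `method => get` the
        # body is not a reliable carrier (HTTP clients, proxies and servers
        # commonly discard a body on GET), so the "last": "1d" filter below
        # would likely never reach MISP and the poll would return whatever the
        # server's default result set is.
        method => post
        url => "https://misp-instance-url/events/restSearch"
        headers => {
          # Resolve the API key from the Logstash keystore
          # (bin/logstash-keystore add MISP_API_KEY) instead of committing a
          # literal key to this file. The MISP key is a full-privilege
          # credential for the configured user.
          "Authorization" => "${MISP_API_KEY}"
          "Accept" => "application/json"
          "Content-Type" => "application/json"
        }
        # The 1d window deliberately overlaps the 1h schedule so a missed run
        # is still covered; the same MISP event will therefore show up in
        # consecutive polls unless de-duplicated downstream.
        body => '{ "returnFormat": "json", "last": "1d" }'
      }
    }
    # Fail a hung MISP request after 60s rather than blocking the pipeline.
    request_timeout => 60
    schedule => { every => "1h" }
    # Parse the response as a single JSON document; the plugin's TLS
    # verification is left at its default (on). Do not switch it off for a
    # self-signed MISP certificate - point the plugin at the CA instead.
    codec => "json"
  }
}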
filter {
  # Intentionally empty: events pass through untouched. Parsing of the polled
  # payload (field extraction, renaming, dropping noise) would go here.
}
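output {
  elasticsearch {
    # Use TLS: the user/password configured below are sent with every bulk
    # request, so a plain http:// URL would expose them on the wire. If the
    # cluster uses a private CA, also configure the plugin's CA option
    # (cacert / ssl_certificate_authorities, depending on plugin version)
    # rather than disabling certificate verification.
    hosts => ["https://elasticsearch-host:9200"]
    # One index per day of ingestion (the date is the Logstash event time,
    # not the MISP event date).
    index => "misp-events-%{+YYYY.MM.dd}"
    # Optional, only if the cluster has authentication enabled. Prefer a
    # dedicated writer role scoped to misp-events-* over the built-in
    # superuser; the password is read from the Logstash keystore
    # (bin/logstash-keystore add ES_PASSWORD) instead of being stored here.
    user => "elastic"
    password => "${ES_PASSWORD}"
  }
}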